Bug #6682

OpenVPN Client does not use "interface" configured. Connection always established through default gateway.

Added by Jose Duarte almost 4 years ago. Updated almost 4 years ago.

Not a Bug

Tested with 2.3, 2.3.1 and 2.3.2
Test scenario: configure multiple WANs, use WAN1 as default gateway, configure OpenVPN client interface WAN2, go to states and check target IP address. Connection will be made through default gateway WAN1.

Workaround: Configure static routes for the openvpn client (completely kills any HA scenario)

Our main purpose is to use a GatewayGroup as the interface for the openvpn connection so we have redundancy on the connection when a WAN fails. Still, if the openvpn client always uses the default gateway this will never work.


#1 Updated by Jim Pingle almost 4 years ago

  • Status changed from New to Not a Bug
  • Priority changed from Very High to Normal
  • Affected Version deleted (2.3.2)

The state table is fibbing to you a little bit in that case. pf is sending the traffic out the correct WAN, but the interface-bound states show it hitting the interface it originally tried to use. Check the IP address seen by the remote node, and run a packet capture, and you'll find the traffic is actually using the correct WAN, even if the state says otherwise.

I just tested and confirmed this again. We should probably add an FAQ about it, given that it is confusing/unintuitive.
